162.159.134.42 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 162.159.134.42 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 60/100

Host and Network Information

  • View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
  • Network: AS13335 cloudflare
  • Noticed: 35 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Open Ports: 2052, 2082, 2083, 2086, 2087, 443, 80, 8080, 8443, 8880
  • Tor Node: No
  • Associated Malware Samples: 118

Tags

  • 64.190.63.111
  • accept
  • accept encoding
  • account
  • account bounce
  • a domains
  • adult content
  • akuma assassin
  • all octoseek
  • all scoreblue
  • amazon02
  • android
  • android overlay
  • apollo
  • artemis
  • as26710 icann
  • as396982 google
  • as44273 host
  • as54113
  • asn16509
  • assaulter
  • asyncrat
  • august
  • back
  • bad points
  • bank
  • bhagam bhag
  • biking
  • bits
  • blister
  • blockchain
  • body
  • body length
  • bounce
  • bounce bmx
  • bts gy200
  • burgman
  • c90 club
  • cachecontrol
  • cellbrite
  • chat forums
  • checkin
  • cisco umbrella
  • citadel
  • ck id
  • ck matrix
  • class
  • click
  • cname
  • cobalt strike
  • code
  • collections
  • command decode
  • common upatre
  • communicating
  • comspec
  • connection
  • contact
  • contacted
  • cookie
  • cookie bot
  • cool
  • copy
  • core
  • create c
  • createdate
  • create new
  • creation date
  • cyber security
  • cyber stalking
  • cyber threat
  • dab0b
  • dab0b l
  • dangerous
  • datalayer
  • date
  • default
  • de indicators
  • detections type
  • dirt bike
  • district
  • div div
  • divergent
  • dns replication
  • dock
  • domain
  • domains
  • downldr
  • downloader
  • dub250
  • ebay
  • emails
  • enablement
  • encrypt
  • entries
  • error
  • execution
  • expiration date
  • expiry
  • exploitation
  • explore
  • extra
  • facebook
  • faq login
  • fastace
  • february
  • figma
  • filehash
  • files
  • final url
  • find
  • footer
  • form
  • format
  • formbook
  • formbook cnc
  • found
  • g5nxq655fgp
  • general
  • general full
  • get updates
  • github pages
  • gmbh version
  • gmt content
  • good points
  • grafana labs
  • gvt google video transcoding
  • hacktool
  • hall law
  • hallrender
  • hashes
  • headers age
  • heur
  • hide
  • high
  • historical ssl
  • hit
  • hiv
  • home screen
  • honey client
  • hostname
  • html
  • html info
  • http
  • http host
  • http response
  • https
  • \http://www.mypurerush.com/images/product/large/EG06%20exhaust%2
  • hybrid
  • identity_helper.exe
  • impressum
  • indonesia
  • input
  • ioc
  • iocs
  • ip address
  • ip check
  • japanese-phishing-site
  • june
  • karma
  • kawasaki
  • kb body
  • kdxgarage
  • label
  • learn
  • legal
  • legend
  • lexmoto
  • lf250b
  • life
  • liked home
  • link
  • linkedin
  • loading
  • lowfi
  • l plate
  • main
  • malicious
  • malicious site
  • malicious url
  • malvertizing
  • malware
  • malware site
  • man
  • march
  • men
  • meta
  • mgeinteg
  • michelle
  • mikuni
  • million
  • mitre att
  • model
  • module load
  • moved
  • mtb feb
  • mtb jan
  • name
  • name servers
  • name value
  • next
  • Nextray
  • ninja
  • no centre
  • nora
  • office open
  • ogilvy
  • org log
  • org meta
  • org og
  • org twitter
  • paddy
  • panther
  • passive dns
  • paste
  • pattern match
  • pegasus
  • persistence
  • phishing
  • phishing site
  • phishing-site
  • phishtank
  • photos videos
  • phpbb
  • physical attacks
  • pit bikes
  • pixel
  • plate warrior
  • please
  • possible
  • post subject
  • privilege https
  • protocol h2
  • pulse pulses
  • pure rush
  • q https
  • qiwi hack
  • quads
  • quick
  • read c
  • record value
  • redacted for
  • referrer
  • regdword
  • register
  • register board
  • registrar
  • regsetvalueexa
  • remember
  • remote procedure call
  • resolutions
  • resource
  • reverse dns
  • ride my
  • ride share
  • right person
  • rogerborg
  • rogerborg nimba
  • romeo scheme
  • safe site
  • sa victim
  • scam
  • scan endpoints
  • script domains
  • script urls
  • search
  • security tls
  • select xmp
  • servers
  • service privacy
  • sha256
  • share
  • show
  • showing
  • show technique
  • sign
  • site
  • skip
  • skynet
  • span
  • spyware
  • sreredrum
  • ssl certificate
  • start
  • status
  • status code
  • status page
  • stomps juicebox
  • strings
  • strong
  • subdomains
  • suricata ipv4
  • suricata udpv4
  • survivor
  • tag manager
  • tags viewport
  • target
  • targeting
  • targets sa
  • team
  • the org
  • threat
  • threat roundup
  • title
  • title bhagam
  • tracking
  • trojan
  • tsara brashears
  • twitter
  • union
  • united
  • unknown
  • unsafe
  • upatre
  • url https
  • urls
  • urls https
  • username
  • utc google
  • value
  • visa scheme
  • warrior
  • welcome
  • whois record
  • whois whois
  • win32
  • win32 exe
  • Win32:Unruy-AA\\ Trj
  • window
  • wininit
  • Win.Trojan.Unruy-277
  • woman
  • worm
  • write
  • write c
  • written
  • xml document
  • x pit
  • xrat
  • yandex dropper extend
  • yara rule
  • youtube video
  • zeus

MITRE ATT&CK TTPs

  • T1027 - Obfuscated Files or Information
  • T1029 - Scheduled Transfer
  • T1031 - Modify Existing Service
  • T1040 - Network Sniffing
  • T1045 - Software Packing
  • T1057 - Process Discovery
  • T1059.006 - Python
  • T1059.007 - JavaScript
  • T1059 - Command and Scripting Interpreter
  • T1060 - Registry Run Keys / Startup Folder
  • T1068 - Exploitation for Privilege Escalation
  • T1071.001 - Web Protocols
  • T1071.004 - DNS
  • T1071 - Application Layer Protocol
  • T1105 - Ingress Tool Transfer
  • T1112 - Modify Registry
  • T1114 - Email Collection
  • T1129 - Shared Modules
  • T1143 - Hidden Window
  • T1449 - Exploit SS7 to Redirect Phone Calls/SMS
  • T1566 - Phishing
  • T1568.002 - Domain Generation Algorithms
  • T1568 - Dynamic Resolution
  • T1583.005 - Botnet

Passive DNS

  • tnc.myeetusa.com

Attack Log References

Whois Information

NetRange: 162.158.0.0 - 162.159.255.255 CIDR: 162.158.0.0/15 NetName: CLOUDFLARENET NetHandle: NET-162-158-0-0-1 Parent: NET162 (NET-162-0-0-0-0) NetType: Direct Allocation OriginAS: AS13335 Organization: Cloudflare, Inc. (CLOUD14) RegDate: 2013-05-23 Updated: 2021-05-26 Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse Ref: https://rdap.arin.net/registry/ip/162.158.0.0 OrgName: Cloudflare, Inc. OrgId: CLOUD14 Address: 101 Townsend Street City: San Francisco StateProv: CA PostalCode: 94107 Country: US RegDate: 2010-07-09 Updated: 2021-07-01 Ref: https://rdap.arin.net/registry/entity/CLOUD14 OrgNOCHandle: CLOUD146-ARIN OrgNOCName: Cloudflare-NOC OrgNOCPhone: +1-650-319-8930 OrgNOCEmail: noc@cloudflare.com OrgNOCRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN OrgAbuseHandle: ABUSE2916-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-650-319-8930 OrgAbuseEmail: abuse@cloudflare.com OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN OrgRoutingHandle: CLOUD146-ARIN OrgRoutingName: Cloudflare-NOC OrgRoutingPhone: +1-650-319-8930 OrgRoutingEmail: noc@cloudflare.com OrgRoutingRef: https://rdap.arin.net/registry/entity/CLOUD146-ARIN OrgTechHandle: ADMIN2521-ARIN OrgTechName: Admin OrgTechPhone: +1-650-319-8930 OrgTechEmail: rir@cloudflare.com OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN RAbuseHandle: ABUSE2916-ARIN RAbuseName: Abuse RAbusePhone: +1-650-319-8930 RAbuseEmail: abuse@cloudflare.com RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2916-ARIN RNOCHandle: NOC11962-ARIN RNOCName: NOC RNOCPhone: +1-650-319-8930 RNOCEmail: noc@cloudflare.com RNOCRef: https://rdap.arin.net/registry/entity/NOC11962-ARIN RTechHandle: ADMIN2521-ARIN RTechName: Admin RTechPhone: +1-650-319-8930 RTechEmail: rir@cloudflare.com RTechRef: https://rdap.arin.net/registry/entity/ADMIN2521-ARIN